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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )KI Responsive to communication(s) filed on 05 May 2004 . 
2a)D This action is FINAL. 2b)E3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) KI Claim(s) 1-24 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 7-24 is/are rejected. 

7) D Claim(s) _ is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 
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10)D The drawing(s) filed on ■ is/are: a)D accepted or b)Q objected to by the Examiner. 
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Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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DETAILED ACTION 

1. This action is in response to the communication filed on May 05, 2004. Claims 1 
- 24 were received for consideration. No preliminary amendments to the specification 
were filed. Claims 1 - 24 are currently being considered. 

2. Two initialed and dated copies of Applicant's IDS form 1449 are attached to the 
Office action. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



3. Claims 1 - 24 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Langford et al. (U.S. Patent Number 6,470,450). 
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Regarding Claim 1 , Langford teaches and describes a method of detecting 
unauthorized executable programs resident in a computer system memory comprising 
the steps of: 

receiving a trusted hash value representative of a hash value for generation by a 
predetermined hashing process of predetermined data stored in memory within the 
computer system if an unauthorized executable program is other than resident in 
the computer system (Column 3 lines 36 - 44 and Column 4 lines 15 - 30); 

hashing the data stored in memory within the computer system using the 
predetermined hashing process to determine a computed hash value (Column 3 lines 5 

- 30, 36 - 44 and Column 4 lines 1 - 4); and 

comparing the computed hash value and the trusted hash value to determine 
differences between the data and the predetermined data (Column 3 lines 23 - 30 and 
Column 4 lines 30 - 38). 

Regarding Claim 17, Langford teaches and describes a method of detecting 
unauthorized executable programs resident in a computer system comprising the steps 
of: 

a) providing a trusted security application executable on a processor of the computer 
system for determining a hash value using a predetermined hashing process of 
predetermined data existing in memory within the computer system (Column 3 lines 36 

- 44 and Column 4 lines 1 5 - 30); 
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b) hashing the data existing in memory within the computer system using the 
predetermined process to determine a hash value (Column 3 lines 5 - 30, 36 - 44 and 
Column 4 lines 1 -4); 

c) digitally signing the hash value to provide a trusted hash value (Column 3 lines 
31 - 35 and Column 4 lines 1 - 7 and 26 - 44); and 

d) retrievably storing the trusted hash value, wherein the predetermined data 
relates to programs in execution on the processor of the computer system (Column 4 
lines 1-7 and Column 5 lines 10-15). 

Claim 2 is rejected applied as above in rejecting Claim 1. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory including the steps of 

aa) receiving user authorization information (Column 5 line 62 - Column 6 line 1); 

aaa) authenticating the user authorization information to perform at least one of 
authorize and identify a user (Column 5 line 62 - Column 6 line 5); and 

aaaa) when the user is at least one of authorized or identified, requesting 
security data of the user (Column 6 line 2-9). 

Claim 5 is rejected applied as above in rejecting Claim 1. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, comprising the steps of: 
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receiving a request for security data from an application in execution in the 
computer system (Column 4 lines 26 - 44 and Column 5 lines 36 - 42); and, 

when the comparison is indicative of other than an unauthorized executable 
programs resident in a computer system, providing security data to the application 
(Column 6 lines 44 - 48 and Column 8 lines 49 - 53)). 

Claim 6 is rejected applied as above in rejecting Claim 1. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, wherein 

the trusted hash value and the computed hash value are determined by a same 
trusted security application executing locally on a processor of a same computer system 
at different times, the trusted hash value determined when the computer system is in a 
known secure state (Column 3 lines 5-17 and 36 - 44). 

Claim 8 is rejected applied as above in rejecting Claim 1. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, including the step of: 

b1 ) verifying an authenticity of the digitally signed trusted hash value (Column 5 
lines 24 - 35 and Column 6 lines 30 - 41 ). 

Claim 22 is rejected applied as above in rejecting Claim 1. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 



Application/Control Number: 09/977,203 Page 6 

Art Unit: 2136 

resident in a computer system memory, wherein predetermined data includes DLL 
tables (Column 3 lines 19 - 30). 

Claim 23 is rejected applied as above in rejecting Claim 1 . Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, wherein predetermined data includes system 
memory locations indicative of executable programs in operation (Column 4 lines 1 - 7). 

Claim 24 is rejected applied as above in rejecting Claim 1. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, wherein predetermined data is hashed in an 
absolute memory location independent fashion (Column 4 lines 1-14 and Column 8 
line 58 - Column 9 line 6). 

Claim 18 is rejected applied as above in rejecting Claim 17. Furthermore, 
Langford teaches and describes a method of detecting unauthorized executable 
programs resident in a computer system memory, comprising the steps of: 

e) comparing a computed hash value with the trusted hash value to detect 
changes to the predetermined data existing in memory within the computer system 
(Column 3 line 64 - Column 4 line 8 and Column 8 lines 21 - 33). 
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Claim 3 is rejected applied as above in rejecting Claim 2. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, wherein 

the authorization data is at least a biometric information sample (Column 6 lines 
2 - 5); and 

wherein the step of authenticating includes a step of comparing the at least a 
biometric information sample to a previously stored biometric template (Column 6 lines 
2 - 29). 

Claim 4 is rejected applied as above in rejecting Claim 1. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, comprising the steps of: 

when the comparison is indicative of other than an unauthorized executable 
programs resident in a computer system, providing the requested security data relating 
to the user (Column 4 lines 26 - 44). 

Claim 7 is rejected applied as above in rejecting Claim 6. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, wherein the trusted hash is digitally signed 
(Column 3 lines 31 - 35 and Column 4 lines 1 - 7 and 26-44); 
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Claim 9 is rejected applied as above in rejecting Claim 8. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, comprising the steps of: 

receiving a request for security data from an application in execution in the 
computer system (Column 4 lines 1 - 7); and, 

when the authenticity of the digitally signed trusted hash value is verified and the 
comparison is indicative of other than an unauthorized executable programs resident in 
a computer system, providing the requested security data to the application (Column 8 
lines 21 -48). 

Claim 1 1 is rejected applied as above in rejecting Claim 8. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, comprising the step of: 

d) when the computed hash value and the trusted hash value are other than 
indicative of a known secure state, issuing a notification that an unauthorized 
executable program is detected within the computer system (Column 6 line 68 - 
Column 7 line 5). 

Claim 19 is rejected applied as above in rejecting Claim 18. Furthermore, 
Langford teaches and describes a method of detecting unauthorized executable 
programs resident in a computer system memory, comprising the steps of: 

f) verifying the authenticity of the digital signature of the trusted hash value 
(Column 5 lines 24 - 35 and Column 6 lines 30 - 41 ). 
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Claim 13 is rejected applied as above in rejecting Claim 7. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, comprising the step of transmitting the trusted 
hash value to a second other computer system in communication with the computer 
system and retrievably storing the trusted hash value within the second other computer 
system (Column 4 lines 1 - 7; Column 5 lines 10-15 and Column 8 lines 21 -48). 

Claim 10 is rejected applied as above in rejecting Claim 9. Furthermore, Langford 
teaches and describes a method of detecting unauthorized executable programs 
resident in a computer system memory, wherein the application and the predetermined 
hashing process are both executed on the same processor of the computer system 
(Column 8 lines 21 -48). 

Claim 12 is rejected applied as above in rejecting Claim 11. Furthermore, 
Langford teaches and describes a method of detecting unauthorized executable 
programs resident in a computer system memory, comprising the step of: 

e) when the computed hash value and the trusted hash value are other than 
indicative of a known secure state preventing access to the computer system (Column 8 
lines 21 -48). 
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Claim 20 is rejected applied as above in rejecting Claim 19. Furthermore, 
Langford teaches and describes a method of detecting unauthorized executable 
programs resident in a computer system memory, comprising the steps of: 

g) when the computed hash value and the trusted hash value are indicative of a 
same trusted state of a computer system, providing security data from a trusted source 
to an application in execution on the system (Column 3 lines 5-17 and 36 - 44). 

Claim 14 is rejected applied as above in rejecting Claim 13. Furthermore, 
Langford teaches and describes a method of detecting unauthorized executable 
programs resident in a computer system memory, including the step of transmitting the 
computed hash value to the second other computer system for comparison with the 
trusted hash value by a processor of the second other computer system (Column 8 
lines 21 -48). 

Claim 21 is rejected applied as above in rejecting Claim 20. Furthermore, 
Langford teaches and describes a method of detecting unauthorized executable 
programs resident in a computer system memory, comprising the step of: 

h) when the computed hash value and the trusted hash value are other than 
indicative of a same secure state of the system, notifying a system administrator 
(Column 6 line 68 - Column 7 line 5). 

Claim 15 is rejected applied as above in rejecting Claim 14. Furthermore, 
Langford teaches and describes a method of detecting unauthorized executable 
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programs resident in a computer system memory, wherein the computed hash value is 
a value determined in dependence upon the predetermined data existing in memory 
within the computer system and some time dependent data of the computer system 
(Column 4 lines 50 - Column 5 line 8). 

Claim 16 is rejected applied as above in rejecting Claim 14. Furthermore, 
Langford teaches and describes a method of detecting unauthorized executable 
programs resident in a computer system memory, wherein the second other computer 
system includes a trusted source wherein security data is stored for provision to 
applications in execution on systems that are known to be secure (Column 3 lines 5 - 
17 and 36-44). 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO Form 892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272-3866. The examiner can normally be reached on Tuesday - Thursday 8:00a.m. To 
3:00p.m.. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-232-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 



Pramila Parthasarathy 
January 27, 2005. 
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